<?php
	require_once 'conn/DBconnect.php';
	require_once 'utils/securityUtils.php';
	
	session_start();
	
	if(isset($_SESSION['tokenNumber']) && isset($_SESSION['loginToken']) && $_SESSION['tokenNumber'] == $_POST["token"])
	{
		$params[0] = $_SESSION["loggedUser"]["pi_email_add"];
		$params[1] = $_POST['oldpassword'];
		$params[2] = $_POST['newpassword'];
		$params[3] = "CHANGE_PASSWORD";
				
		$loginPROC = "CALL SP_VALIDATOR('" . implode("', '", $params) . "');";
		$result = mysqli_query($mysqlLink, $loginPROC);
		$row = mysqli_fetch_array($result, MYSQLI_ASSOC);
				
		if( $row["err_id"] != '-1')
		{
			echo $row["err_id"];
			SecurityUtils::updateToken();
		}
		else 
		{
			echo $row["err_code"];
		}
	}
	else
		echo "Invalid request.";